Netgate Discussion Forum

    Watchguard Firebox X Peak platform

      power_matz

      Thank you for the instructions.
      After doing all that, I see that the bridge only works if the interface the bridge is assigned to (re2 in my case) is up. If a device on re3 (also a member of the bridge) is the only one, then the bridge is offline.
      Is that a mistake on my side?

        stephenw10 Netgate Administrator

        The bridge should be assigned to a non-physical interface such as OPT2. The members of the bridge are the physical interfaces, re2 re3 etc.
        That way the bridge itself will always appear as UP.

        Steve

          power_matz

          ok, got that.
          Do you think one rule for the bridge in the firewall is enough?
          I don't have to define a rule for each interface, do I?

            stephenw10 Netgate Administrator

            Have a read through the first few posts here: http://forum.pfsense.org/index.php/topic,20917.0.html

            As I said above the default settings mean that the firewalling is done on the member interfaces not the bridge.
            There are settings in Advanced: System Tunables: to change that. However I seem to remember reading that they may not work any longer. Try it and see.  ;)

            net.link.bridge.pfil_member    Set to 0 to disable filtering on the incoming and outgoing member interfaces.    default (1)
            net.link.bridge.pfil_bridge    Set to 1 to enable filtering on the bridge interface.    default (0)


            Steve
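
The two tunables quoted in the post above decide where firewall rules are evaluated for bridged traffic. The following is an added example, not part of the original thread or of pfSense: a small audit that reads `sysctl` output in its `name: value` form and reports which rule set applies. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report where packet filtering applies
# on a bridge, based on the two net.link.bridge tunables quoted above.

# Constructed sample: the default values listed in the post.
SAMPLE_DEFAULT='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# get_tunable NAME TEXT -> prints the value, or "unset" if NAME is absent.
get_tunable() {
    val=$(printf '%s\n' "$2" | awk -F': *' -v n="$1" '$1 == n { print $2; exit }')
    printf '%s\n' "${val:-unset}"
}

# bridge_filter_mode TEXT -> member | bridge | both | none | unknown
bridge_filter_mode() {
    m=$(get_tunable net.link.bridge.pfil_member "$1")
    b=$(get_tunable net.link.bridge.pfil_bridge "$1")
    case "$m,$b" in
        1,0) echo member ;;
        0,1) echo bridge ;;
        1,1) echo both ;;
        0,0) echo none ;;
        *)   echo unknown ;;
    esac
}

# explain_mode MODE -> what the mode means for rule placement.
explain_mode() {
    case "$1" in
        member) echo "rules are evaluated on each member interface (re2, re3, ...)" ;;
        bridge) echo "rules are evaluated on the interface the bridge is assigned to" ;;
        both)   echo "traffic must pass rules on the members and on the bridge interface" ;;
        none)   echo "WARNING: bridged traffic is filtered on neither members nor bridge" ;;
        *)      echo "a tunable is missing or has an unexpected value" ;;
    esac
}

# On the firewall itself, feed it live values instead of the sample:
#   bridge_filter_mode "$(sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge)"
explain_mode "$(bridge_filter_mode "$SAMPLE_DEFAULT")"
```

The `none` result is the one to watch for when changing these values one at a time: between setting `pfil_member` to 0 and `pfil_bridge` to 1, neither rule set covers the bridge.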

              power_matz

              Yes, I read that before and tried it out. It seems that it doesn't work.
              One device on a port in the bridge wants an IP via DHCP and this is blocked by the firewall. So adding the rule worked.

              But I will give it another try after a reboot this evening.

                stephenw10 Netgate Administrator

                Yes you may well have to reboot or at least reload something before those tunables take effect.

                Steve

                  power_matz

                  OK!  ;D
                  It is (always) as you said. Setting the tunables is working. I needed only some rules for the bridge interface and voila everything is running as I wanted.
                  Brilliant!
                  Thank you for your input.

                    stephenw10 Netgate Administrator

                    No problem.  :)
                    Hopefully this may prove useful for anyone else searching for bridging.

                    Steve

                      shanon

                      Minor update regarding my challenges booting images later than version 1.2.3 RC1:

                      I recently acquired a couple of Portwell NAR5060 boxes which are of a somewhat similar age as the Firebox X Peak and share some similar hardware.  The good news is that I've got pfSense 2.0.1 nanobsd running on that hardware without modification and I hope to use this to free up the Firebox for bench testing.

                      I also recently got a mini-PCI VGA card, but I'm only halfway through figuring out its pinout and wiring a cable.

                      Hope to get a little further tomorrow… work has been busy, so progress is slow unfortunately.

                        mwp

                        You ever get the safenet card to work?

                          moogoom

                          @stephenw10:

                          Edit: Anyone reading this: These instructions are old and overly complex. See this post for a simpler updated solution.

                          Mostly for my own benefit because I completely hosed my install messing about with ACPI and have to reflash my CF card.  ::)
                          Here's some concise instructions for installing the firebox lcd software.
                          Download the file with the driver, lcdd3.tar, from here (can't attach it to this post  >:()
                          http://sites.google.com/site/pfsensefirebox/home/lcdd3.tar?attredirects=0
                          Copy it to the firebox to /var/tmp. This is a folder that only exists in memory and gets wiped at boot. I used WinSCP.
                          Connect to the box (with putty via ssh or serial or whatever). Then:

                          [root@pfSense.local]/root(2): cd /var/tmp
                          [root@pfSense.local]/var/tmp(5): tar -xvf lcdd3.tar
                          x ./install-embed.lcdd.sh
                          x ./lcdd/
                          x ./lcdd/drivers/
                          x ./lcdd/LCDd.conf
                          x ./lcdd/lcdd.sh
                          x ./lcdd/lcdproc
                          x ./lcdd/LCDd
                          x ./lcdd/drivers/curses.so
                          x ./lcdd/drivers/sdeclcd.so
                          x ./lcdd2.tar
                          [root@pfSense.local]/var/tmp(7): ./install-embed.lcdd.sh
                          [root@pfSense.local]/var/tmp(8): cd /lib
                          [root@pfSense.local]/lib(10): /etc/rc.conf_mount_rw
                          [root@pfSense.local]/lib(11): ln -s libc.so.7 libc.so.6
                          [root@pfSense.local]/lib(12): ln -s libkvm.so.4 libkvm.so.3
                          [root@pfSense.local]/lib(13): /etc/rc.conf_mount_ro
                          [root@pfSense.local]/lib(14): /usr/local/etc/rc.d/lcdd.sh

                          And it should all be working!  ;)
                          I have removed a few steps from the other instructions on the forum. I have included the newest driver in the tarball. I found I didn't need to alter the permissions of the install script.
                          I tested this on a fresh install of the embedded 1.2.3-release.
                          It will not work on 2.0 beta, I tried!  :P

                          Steve

                          Edit: It does work in 2.0 you have to sym link both libkvm.so.3 and libkvm.so.4 to libkvm.so.5

                          I have a problem with the installation. When I type in the terminal: "./install-embed.lcdd.sh", I see: "mount: /dev/ad2s1a : Device busy" … Why can't I install?

                            stephenw10 Netgate Administrator

                            It's because that script was originally written for an embedded install of pfSense 1.2. The embedded install (and the Nanobsd install) runs with the file system mounted read-only to minimise writes to flash media. The script remounts it as RW, installs the various files and then remounts it RO again. This won't work on a full install that you are running.
                            Besides that, as I wrote at the top, it's now very out of date.
                            Try this post instead. I can't say if that will work any better since it's still written for Nano but I changed it to use the correct mount script rather than attempting to mount the filesystem directly. I have never tried it on a full install.
                            If that still doesn't work then you can just edit the install script, install3.sh, and remove the remount calls.

                            Steve
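
The difference described in the post above (a read-only root on embedded/Nanobsd, a writable root on a full install) can be checked before any remount is attempted. The following is an added example, not the install script from the thread: it parses `mount` output to see whether `/` is read-only and only then calls the `/etc/rc.conf_mount_rw` and `/etc/rc.conf_mount_ro` helpers named in the thread. The function names and the sample `mount` lines are constructed.

```shell
#!/bin/sh
# Added example (not the thread's install script): call the remount helpers
# only when / is actually mounted read-only, and always restore read-only.

# Helper paths as used in the thread; overridable for testing.
RW_HELPER=${RW_HELPER:-/etc/rc.conf_mount_rw}
RO_HELPER=${RO_HELPER:-/etc/rc.conf_mount_ro}

# Constructed samples of FreeBSD `mount` output (device name from the error above).
MOUNT_NANO='/dev/ad2s1a on / (ufs, local, read-only)
devfs on /dev (devfs, local)'
MOUNT_FULL='/dev/ad2s1a on / (ufs, local)
devfs on /dev (devfs, local)'

# root_is_readonly MOUNT_TEXT -> exit 0 if the entry for "/" lists read-only.
root_is_readonly() {
    printf '%s\n' "$1" | awk '
        $2 == "on" && $3 == "/" {
            found = 1
            if ($0 ~ /[(, ]read-only[,)]/) ro = 1
        }
        END { exit !(found && ro) }'
}

# with_writable_root MOUNT_TEXT CMD [ARGS...]
# Runs CMD directly on a writable root; otherwise wraps it in the remount
# helpers and returns to read-only even when CMD fails.
with_writable_root() {
    mount_text=$1; shift
    if ! root_is_readonly "$mount_text"; then
        "$@"
        return $?
    fi
    "$RW_HELPER" || return 1
    rc=0
    "$@" || rc=$?
    "$RO_HELPER"
    return $rc
}

# On the box: with_writable_root "$(mount)" sh ./my-install-steps.sh
# (my-install-steps.sh is a hypothetical name for the copy/symlink steps.)
root_is_readonly "$MOUNT_NANO" && echo "sample nano layout: / is read-only"
```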
